2.7.17

Workplace social media security: 5 questions answered



Since it’s Social Media Day today, there is likely to be an increased focus on the impact of social media and the way it is used by businesses across the world.
Social media use has skyrocketed for businesses all over the world, with many companies using it as a way of strengthening their brands and reaching out to new and existing customers.
It’s clear that social media is likely to continue its popularity with businesses although, in an age where information security has never been such a pressing issue, there are still questions that need to be addressed.
1. Is social media really a threat to security?
The threat posed to security by social media is nothing new. A report released by Cisco in 2013 claimed mass audience sites, which include social media, pose a significant threat to information security.
One obvious threat is the potential for blurring the line separating personal information and company data, particularly when a user is using a social media account for both personal and work purposes.
This risk may be underestimated by workers, many of whom may believe their social media accounts are not carrying anything of interest for cybercriminals, but it can still be used as a portal into a company’s wider network.
2. So is social media a weak spot?
Potentially. The use of phishing to compromise email accounts has been well-documented, but they can take on a new dimension when combined with social media.
For example, if cybercriminals can compromise a LinkedIn account, they can potentially fool others on the network into thinking they are genuinely one of their coworkers, opening up the possibility of handing over sensitive information.
3. But if they don’t get that far, there’s nothing to worry about?
Not exactly. Social media output is a key component of a brand’s overall image. If a cybercriminal manages to compromise one of these channels it could prove damaging.
For instance, in 2013 a hacker was able to gain access to the Twitter account of Burger King and then used it to display the McDonald’s logo, along with explicit obscenities. Similarly, it’s not exactly reassuring when someone like Mark Zuckerberg has his social networks compromised.
4. What can be done to make things better?
Setting up a rigid social media policy to protect company accounts is always a good a start.
A code of conduct for employees, as part of a wider cybersecurity program, can include the implementation of strong passwords, with weak logins such as 123456 still all too common.
Other potential points include monitoring engagement with brand mentions, offering guidance on how to spot malicious software, implementing two-factor authentication, and ensuring that only brand-approved content is shared.
Implementing a policy is particularly important for businesses operating more than one social media account, although it is equally important not to discourage employee participation as this will hinder the benefits these platforms bring.
5. Is it the employer’s responsibility to safeguard social media security?
Employers should always try to educate their workforce on the potential dangers of social media as best they can, but employees themselves need to remain vigilant.
For example, it’s important to be cautious of links embedded in email messages, even if they appear to be from a social network provider.
Always ensure links come from trusted sources. If in doubt, connect to site’s URL directly by typing it into your browser.
Always keep a track of what devices have access to your accounts, and utilize any available service that will notify you when a new login occurs.
Furthermore, workers shouldn’t risk leaving themselves vulnerable by posting potentially sensitive information on social media.
For more on how to keep your organization safe from cybercrime, and boost cybersecurity knowledge among your employees, check out ESET’s free Cybersecurity Awareness Training.